General
-
Target
5780dea262044531b19f3194408aad91.bin
-
Size
66KB
-
Sample
231109-b5hetaeg5t
-
MD5
9170df0eb93ddffec935e495c0a072f7
-
SHA1
d6d70ba25a97ed91cbe6c60ebfde52eefab20810
-
SHA256
c11dc2710204f067e738814b4d6153746459d81549b35b7fd3084278ee87ae46
-
SHA512
d2047bd43c73ef1bd4465a372ef9bb646df251637f99e625933b567e9de0f4fd7dc6fd48ef6319dc06613fcdf0e68281af70ea684445a5a438b88b35e2a1b23d
-
SSDEEP
1536:FeM3Z0TwvtkjqKdGr35N4jn4CBJqNDBnmEbB92CejtP5226ttGAmwsP7FZD2U:FeM3ZFQRGVN4JBwJQm2zObGA+P7L1
Malware Config
Extracted
darkgate
user_871236672
http://8sjimonstersboonkonline.com
-
alternative_c2_port
8080
-
anti_analysis
true
-
anti_debug
true
-
anti_vm
true
-
c2_port
2351
-
check_disk
false
-
check_ram
true
-
check_xeon
false
-
crypter_au3
false
-
crypter_dll
false
-
crypter_rawstub
true
-
crypto_key
BXQcSgVDRBHnbn
-
internal_mutex
txtMut
-
minimum_disk
43
-
minimum_ram
6000
-
ping_interval
4
-
rootkit
true
-
startup_persistence
true
-
username
user_871236672
Targets
-
-
Target
eccf555cc4f3293e850fc35377a06d69f04b81192f3f27b645bc4cfb23fc085d.js
-
Size
252KB
-
MD5
5780dea262044531b19f3194408aad91
-
SHA1
a2579952eedec5ec649f589c1e797c91a05eaf93
-
SHA256
eccf555cc4f3293e850fc35377a06d69f04b81192f3f27b645bc4cfb23fc085d
-
SHA512
e45f5351921016ff87e6d81cc1eaade7c88324f847ec37dd60d08bc4830ebe6fb6b00f9623d3438d03c48236f091fff19f239face730ddfa2c9ea6640adc55c3
-
SSDEEP
6144:Ye7hgXeerjqlI2Iro+/e7hgXeerjqlI2Iro+8:YIhgSlI234IhgSlI23V
Score10/10-
DarkGate
DarkGate is an infostealer written in C++.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-